Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NBAR on Tunnel interface on ASR1001

I'm running an ASR1001 with IOS-XE version 15.1(3)S6.

I don't seem to be able to apply a policy-map to a tunnel interface that running in "tunnel mode ipsec ipv4". 

The router gives me the error: Error: NBAR is not supported on Tunnel227.  

When I try "ip nbar protocol-discovery" on the tunnel interface, I get the error:

Error: NBAR is not supported on Tunnel227

NBAR 'protocol-discovery' command cannot be turned on this interface because of the following reason:

Unsupported interface type

I tested this on a 2800 series router and it works fine.

I have enabled 'qos pre-classify' on the tunnel interfaces as well as protocol-discovery on the physical interface. 

I've found on several documentation sources that state that NBAR is not support on logical interfaces where tunnelling or encryption is used.

My question is, how come it works on the 2800 router with IOS 12.4(14)T1 but it does not work on the ASR1001 router?

  • WAN Routing and Switching
New Member

NBAR on Tunnel interface on ASR1001

I did some searching and it looks like some "match protocol" statements may be using nbar.  How do I distinguish which "match protocol" statement is using nbar and which one is not?


Cisco Employee

NBAR on Tunnel interface on ASR1001

Hi Vincent,

As per the below Latest document these are the tunnels which are support in these particular IOS. In these last couple of year NBAR added support for several tunneled interfaces: XE3.5/3.6 - IPSec tunnel, GRE tunnel, MGRE tunnel, DMVPN, PPP and Tunneled IPv6. XE3.8 - Port-Channel, Multi-Link PPP, Multi-Link Frame Relay, VASI. XE3.11 - GetVPN Please upgrade to that particular IOS based on type of  tunnel for your requirement.